What are weak ciphers?

Cryptography relies on ciphers to encrypt our data. One example is RC4 (Rivest Cipher 4, also known as ARC4 or ARCFOUR, meaning Alleged RC4). While RC4 is remarkable for its simplicity and speed, multiple vulnerabilities have been discovered since its original release, rendering it insecure. RC4 is especially vulnerable when the beginning of the output key stream isn't discarded, or when non-random or related keys are used.

How do I use this security assessment to improve my organizational security posture?

  1. Review the security assessment for weak cipher usage.
  2. Research why the identified clients and servers are using weak ciphers.
  3. Remediate the issues and disable use of RC4 and/or other weak ciphers (such as DES/3DES).
  4. To learn more about disabling RC4, see the Microsoft Security Advisory.


This assessment is updated in near real time.



Make sure to test the following settings in a controlled environment before enabling them in production.

To remediate weak cipher usage, modify the msDS-SupportedEncryptionTypes AD attribute on the applicable devices and accounts, and remove the weak ciphers based on these bit flags.

After ensuring that devices and accounts are no longer using the weak ciphers, modify the domain controller security policy to drop the weak ciphers from the "Network security: Configure encryption types allowed for Kerberos" setting.
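
The bit-flag arithmetic behind that remediation, as an added example that is not part of the original page or Microsoft's tooling. The flag values are the ones Microsoft documents for msDS-SupportedEncryptionTypes in [MS-KILE]; the account names, sample values and the function name Get-EncTypeAssessment are constructed for illustration, and the proposed value for unset attributes assumes the account supports AES.

```powershell
# Added example: classify msDS-SupportedEncryptionTypes values and compute the
# value left after clearing the weak bits. Sample accounts below are constructed.
$EncTypeBits = [ordered]@{
    'DES-CBC-CRC'             = 0x01
    'DES-CBC-MD5'             = 0x02
    'RC4-HMAC'                = 0x04
    'AES128-CTS-HMAC-SHA1-96' = 0x08
    'AES256-CTS-HMAC-SHA1-96' = 0x10
}
$WeakMask = 0x07   # DES-CBC-CRC + DES-CBC-MD5 + RC4-HMAC
$AesMask  = 0x18   # AES128 + AES256

function Get-EncTypeAssessment {
    param([Parameter(Mandatory)][string]$Name, [object]$Value)

    # Unset or 0: no explicit list on the object, so the KDC's default types apply.
    if ($null -eq $Value -or [int]$Value -eq 0) {
        return [pscustomobject]@{ Name = $Name; Current = 'unset'; Weak = '(defaults apply)'
                                  Status = 'ReviewDefault'; Proposed = '0x{0:X2}' -f $AesMask }
    }
    $v    = [int]$Value
    $weak = ($EncTypeBits.GetEnumerator() |
             Where-Object { ($_.Value -band $WeakMask) -and ($_.Value -band $v) } |
             ForEach-Object { $_.Key }) -join ', '
    # Clear only the weak bits; AES and any higher-order flags are preserved.
    $clean = $v -band (-bnot $WeakMask)

    if (-not ($v -band $WeakMask)) {
        $status = 'OK'; $proposed = $null
    } elseif (-not ($clean -band $AesMask)) {
        # Removing the weak bits would leave no AES type: research the device first.
        $status = 'InvestigateNoAES'; $proposed = $null
    } else {
        $status = 'RemoveWeak'; $proposed = '0x{0:X2}' -f $clean
    }
    [pscustomobject]@{ Name = $Name; Current = '0x{0:X2}' -f $v; Weak = $weak
                       Status = $status; Proposed = $proposed }
}

# Constructed sample input (not real directory data).
$sample = @(
    [pscustomobject]@{ Account = 'svc-legacy';  EncTypes = 0x1F }
    [pscustomobject]@{ Account = 'svc-rc4only'; EncTypes = 0x04 }
    [pscustomobject]@{ Account = 'ws-modern$';  EncTypes = 0x18 }
    [pscustomobject]@{ Account = 'svc-unset';   EncTypes = $null }
)
$sample | ForEach-Object { Get-EncTypeAssessment -Name $_.Account -Value $_.EncTypes } | Format-Table
```

A proposed value would be written back with the ActiveDirectory module, for example `Set-ADUser -Identity <account> -Replace @{'msDS-SupportedEncryptionTypes' = 24}`, after testing in a controlled environment.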

Source: Official Microsoft Brand
Edited by: BEST Antivirus KBS Team
